The final patch will implement a non-blocking connect, which means that siw_connect() will be split into siw_connect() and siw_connected(). kernel_bindconnect() will be the last action in siw_connect(), while the MPA negotiation is deferred to siw_connected(). We should not rely on the caller's private data pointers to be still valid when siw_connected() is called, so we better create a copy. Fixes: 6c52fdc244b5 ("rdma/siw: connection management") Signed-off-by: Stefan Metzmacher <metze@xxxxxxxxx> Cc: Bernard Metzler <bmt@xxxxxxxxxxxxxx> Cc: linux-rdma@xxxxxxxxxxxxxxx --- drivers/infiniband/sw/siw/siw_cm.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/sw/siw/siw_cm.c b/drivers/infiniband/sw/siw/siw_cm.c index 027bc18cb801..41d3436985a6 100644 --- a/drivers/infiniband/sw/siw/siw_cm.c +++ b/drivers/infiniband/sw/siw/siw_cm.c @@ -1519,13 +1519,25 @@ int siw_connect(struct iw_cm_id *id, struct iw_cm_conn_param *params) } memcpy(cep->mpa.hdr.key, MPA_KEY_REQ, 16); + cep->mpa.pdata = kmemdup(params->private_data, pd_len, GFP_KERNEL); + if (IS_ERR_OR_NULL(cep->mpa.pdata)) { + rv = -ENOMEM; + goto error; + } + cep->mpa.hdr.params.pd_len = pd_len; + cep->state = SIW_EPSTATE_AWAIT_MPAREP; - rv = siw_send_mpareqrep(cep, params->private_data, pd_len); + rv = siw_send_mpareqrep(cep, cep->mpa.pdata, + cep->mpa.hdr.params.pd_len); /* * Reset private data. */ - cep->mpa.hdr.params.pd_len = 0; + if (cep->mpa.hdr.params.pd_len) { + cep->mpa.hdr.params.pd_len = 0; + kfree(cep->mpa.pdata); + cep->mpa.pdata = NULL; + } if (rv >= 0) { rv = siw_cm_queue_work(cep, SIW_CM_WORK_MPATIMEOUT); -- 2.25.1
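Review bot: the check after the added kmemdup() in siw_connect() should be a plain NULL test, since kmemdup() returns NULL on allocation failure and never an ERR_PTR; IS_ERR_OR_NULL() suggests an error-pointer contract that does not exist here, and "if (!cep->mpa.pdata)" states the intent. The copy is also made unconditionally, while the "Reset private data" block only frees and clears cep->mpa.pdata when pd_len is non-zero. With pd_len == 0 the kmemdup() result is therefore neither freed nor reset to NULL by that block, so a later "is there private data" test on the pointer alone would be misleading. Guarding the allocation with "if (pd_len)" would keep allocation and release symmetric and leave pdata NULL when the caller passed no private data. Since the stated goal is to keep the copy alive until siw_connected(), it is also worth confirming that every exit through the error label releases cep->mpa.pdata once the free is moved out of siw_connect().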